[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Ray Bellis Ray.Bellis at nominet.org.uk
Wed Jun 22 09:43:35 UTC 2011

Previous message (by thread): [dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Next message (by thread): [dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22 Jun 2011, at 09:32, Dobbins, Roland wrote:

> iptables in front of any server, especially a DNS server, is a self-DoS waiting to happen.

Not if you have working ip6tables at the same time.

If you b0rk your main iptables you can still get in via IPv6 ;-)

Ray

Previous message (by thread): [dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Next message (by thread): [dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list